From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <hmh@hmh.eng.br>
X-Google-Smtp-Source: AH8x225chueEgNlxnUnVodLkjjJYdEzlvmbVVyHF0wD/+X5cebWdMW8Lz3QgT9LLiEfmct2qbX2Y
ARC-Seal: i=1; a=rsa-sha256; t=1516790991; cv=none;
        d=google.com; s=arc-20160816;
        b=pkjy4p9wdqR8tylKiRBGdTaxk/jyeUQbRj6ayswr0vMKTpbNkYBxLFmz2Fy6ECr0Yz
         TliHqhO6Il02AU+GwQJ31EGevB24uRS7b1BbjQwfIcyZztwsXs9kHgzINSCjUOSafnan
         U9ehauho3/A64S92v6OhN+RNJ6AzKJTmup1HYNDFWZ5H0q2z+iMe/UzaoxKbTlGgg1dx
         ImeK84Jvb3o8WwRW3IAZon4uoTEGmVQgMtKEkRR7CCI7qN4JTOez/infb26vCdkLYHrU
         vS+qgLeHTnVPpocjNTGYd5kh2UD/rbNnlFrl/qO4Fc678mZa/wrfz6U+3Y31FK0lkafC
         BnXw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=user-agent:in-reply-to:content-disposition:mime-version:references
         :message-id:subject:cc:to:from:date:dkim-signature:dkim-signature
         :arc-authentication-results;
        bh=GImehW8DlwvTmM0cpuSkqUDxBMEQ5cEZH1fpfViiYIE=;
        b=bU4x/3kfsQ4wodk5BBT7Pu1lqArXiHFkTv3vQP9bd8Ochry/5Tm9jZk+oVGlkolIDP
         njKlzQzSXQVunWbl5LU2XNJy9EjpC30HTRMXhaCBnpaZ0w3nmp06z9l+FLcPqu++rzPy
         5kaUlQfQsQzElQSC6KcdUkshOTFpPwDVb4zvBuUIMSXO8+lw3BTC9If4vxoYXTCTg5j6
         8E7IzhWNWZz1s9ySHmHiwfEiK2b/Fg6Or/iVvB7aHPvRPaUKobH2tM3sf8gj2tJ6SikX
         oU1AeW2wraCrecAbQHoEQP4cqxU8lW2I5YGqMyi+16mXjfSPH/EzGLvbWBSXgNfNO166
         gNjQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@hmh.eng.br header.s=fm1 header.b=WNJHCVww;
       dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=TcsmGMIY;
       spf=neutral (google.com: 66.111.4.28 is neither permitted nor denied by best guess record for domain of hmh@hmh.eng.br) smtp.mailfrom=hmh@hmh.eng.br
Authentication-Results: mx.google.com;
       dkim=pass header.i=@hmh.eng.br header.s=fm1 header.b=WNJHCVww;
       dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=TcsmGMIY;
       spf=neutral (google.com: 66.111.4.28 is neither permitted nor denied by best guess record for domain of hmh@hmh.eng.br) smtp.mailfrom=hmh@hmh.eng.br
X-ME-Sender: <xms:zmRoWnJWCceZ8JREffQ4LWjpWzT4SClyQndKiMKEEnpTwWHHi9Sddg>
Date: Wed, 24 Jan 2018 08:49:44 -0200
From: Henrique de Moraes Holschuh <hmh@hmh.eng.br>
To: David Woodhouse <dwmw2@infradead.org>
Cc: Peter Zijlstra <peterz@infradead.org>,
	Thomas Gleixner <tglx@linutronix.de>,
	KarimAllah Ahmed <karahmed@amazon.de>, linux-kernel@vger.kernel.org,
	Andi Kleen <ak@linux.intel.com>,	Andrea Arcangeli <aarcange@redhat.com>,
	Andy Lutomirski <luto@kernel.org>,
	Arjan van de Ven <arjan@linux.intel.com>,
	Ashok Raj <ashok.raj@intel.com>,	Asit Mallick <asit.k.mallick@intel.com>,
	Borislav Petkov <bp@suse.de>,	Dan Williams <dan.j.williams@intel.com>,
	Dave Hansen <dave.hansen@intel.com>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	"H . Peter Anvin" <hpa@zytor.com>, Ingo Molnar <mingo@redhat.com>,
	Janakarajan Natarajan <Janakarajan.Natarajan@amd.com>,
	Joerg Roedel <joro@8bytes.org>,	Jun Nakajima <jun.nakajima@intel.com>,
	Laura Abbott <labbott@redhat.com>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Masami Hiramatsu <mhiramat@kernel.org>,
	Paolo Bonzini <pbonzini@redhat.com>,
	Radim =?utf-8?B?S3LEjW3DocWZ?= <rkrcmar@redhat.com>,
	Tim Chen <tim.c.chen@linux.intel.com>,
	Tom Lendacky <thomas.lendacky@amd.com>, kvm@vger.kernel.org,
	x86@kernel.org
Subject: Re: [RFC 05/10] x86/speculation: Add basic IBRS support
 infrastructure
Message-ID: <20180124104944.jbgxlvlkkqjweyar@khazad-dum.debian.net>
References: <1516476182-5153-1-git-send-email-karahmed@amazon.de>
 <1516476182-5153-6-git-send-email-karahmed@amazon.de>
 <alpine.DEB.2.20.1801211524160.1998@nanos>
 <1516741116.13558.11.camel@infradead.org>
 <20180124084735.GM2228@hirez.programming.kicks-ass.net>
 <1516784541.13558.90.camel@infradead.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1516784541.13558.90.camel@infradead.org>
X-GPG-Fingerprint1: 4096R/0x0BD9E81139CB4807: C467 A717 507B BAFE D3C1  6092
 0BD9 E811 39CB 4807
User-Agent: NeoMutt/20170113 (1.7.2)
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: =?utf-8?q?1590140581449802182?=
X-GMAIL-MSGID: =?utf-8?q?1590470630612006379?=
X-Mailing-List: linux-kernel@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>

On Wed, 24 Jan 2018, David Woodhouse wrote:
> I'm kind of tempted to turn it into a whitelist just by adding 1 to the
> microcode revision in each table entry. Sure, that N+1 might be another
> microcode build that also has issues but never saw the light of day...

Watch out for the (AFAIK) still not properly documented where it should
be (i.e. the microcode chapter of the Intel SDM) weirdness in Skylake+
microcode revision.  Actually, this is related to SGX, so anything that
has SGX.

When it has SGX inside, Intel will release microcode only with even
revision numbers, but the processor may report it as odd (and will do so
by subtracting 1, so microcode 0xb0 is the same as microcode 0xaf) when
the update is loaded by the processor itself from FIT (as opposed as
being loaded by WRMSR from BIOS/UEFI/OS).
 
So, you could see N-1 from within Linux if we did not update the
microcode, and fail to trigger a whitelist (or mistrigger a blacklist).

-- 
  Henrique Holschuh